PHP code example of qa-data / api-security

1. Download the qa-data/api-security library from this page (Download qa-data/api-security library), choosing the download type `require`.

2. Extract the ZIP file and open the index.php.

3. Add this code to the index.php.
    
        
<?php
// Bootstrap: load the Composer autoloader so the qa-data/api-security classes resolve.
require_once 'vendor/autoload.php';

/* Application code goes below this line. */

    

qa-data / api-security example snippets


// A failed login surfaces as an exception rather than a false return, so the
// success path is simply "no exception was thrown".
try {
	$user->login($token);
} catch (QaData\ApiSecurity\AuthenticationException $e) {
	// ... login failed; $user remains logged out
}

// Report the resulting session state.
$loggedIn = $user->isLoggedIn();
echo $loggedIn ? 'yes' : 'no';

// Static credential map handed to SimpleAuthenticator (name => password; here an id => token pair).
// The literal is a demo placeholder — real tokens belong in configuration, not in source.
$credentials = [
	1 => 'admin_token',
];
$authenticator = new QaData\ApiSecurity\SimpleAuthenticator($credentials);



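/**
 * Token-based authenticator backed by a `tokens` database table.
 *
 * The original version also assigned an undefined `$passwords` variable to an
 * unused property; that property is dropped here.
 */
class MyAuthenticator implements QaData\ApiSecurity\Authenticator
{
	/** @var Nette\Database\Context */
	private $database;

	public function __construct(Nette\Database\Context $database)
	{
		$this->database = $database;
	}

	/**
	 * Resolves an API token to an identity.
	 *
	 * @throws QaData\ApiSecurity\AuthenticationException when the token is empty or no `tokens` row carries it
	 */
	public function authenticate(string $token): QaData\ApiSecurity\Identity
	{
		// Reject an empty token up front so it can never match a row with an empty token column.
		if ($token === '') {
			throw new QaData\ApiSecurity\AuthenticationException('Token not found.');
		}

		// where('token', $token) binds the value as a parameter; the token is not interpolated into SQL.
		$row = $this->database->table('tokens')
			->where('token', $token)
			->fetch();

		if (!$row) {
			throw new QaData\ApiSecurity\AuthenticationException('Token not found.');
		}

		// NOTE(review): the token is compared verbatim with the stored column; if tokens are
		// stored hashed, look up by hash instead — confirm against the schema.
		return new QaData\ApiSecurity\SimpleIdentity(
			$row->id,
			$row->token,
			$row->roles,
			[
				'name' => $row->username,
			]
		);
	}
}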

// Event hook: appended callbacks run right after a successful login.
$user->onLoggedIn[] = static function (): void {
	// user has just logged in
};

// Identity accessors (presumably only meaningful once logged in — not shown here).
$user->getIdentity()->getId();
$user->getIdentity()->getRoles();

// Authentication-only check: any logged-in user may delete.
$loggedIn = $user->isLoggedIn();
if ($loggedIn) {
	deleteItem();
}

// Role check: only holders of the 'admin' role may delete.
$isAdmin = $user->isInRole('admin');
if ($isAdmin) {
	deleteItem();
}

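/**
 * Hand-written authorizator: rules are evaluated top to bottom and anything
 * not explicitly granted is denied. The original body contained a bare `...`
 * placeholder, which does not parse; it is replaced by a comment.
 */
class MyAuthorizator implements QaData\ApiSecurity\Authorizator
{
	/**
	 * Decides whether $role may perform $operation on $resource.
	 *
	 * Parameters are left untyped to stay signature-compatible with the
	 * Authorizator interface; presumably all three are string names (compared strictly).
	 *
	 * @param mixed $role
	 * @param mixed $resource
	 * @param mixed $operation
	 */
	public function isAllowed($role, $resource, $operation): bool
	{
		// Administrators may do anything.
		if ($role === 'admin') {
			return true;
		}
		// Plain users may perform any operation on articles.
		if ($role === 'user' && $resource === 'article') {
			return true;
		}

		// ... further rules go here

		// Default deny.
		return false;
	}
}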

// No operation given: asks whether the user may do everything with resource 'file'.
$mayUseFile = $user->isAllowed('file');
if ($mayUseFile) {
	useFile();
}

// Specific operation: may the user delete resource 'file'?
$mayDeleteFile = $user->isAllowed('file', 'delete');
if ($mayDeleteFile) {
	deleteFile();
}

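// Role-based ACL: roles, resources, then allow/deny rules. The original granted
// the administrator the misspelled resource 'pool' instead of 'poll'; fixed below.
$acl = new QaData\ApiSecurity\Permission;

$acl->addRole('guest');
$acl->addRole('registered', 'guest'); // registered inherits from guest
$acl->addRole('administrator', 'registered'); // and administrator inherits from registered

$acl->addResource('article');
$acl->addResource('comment');
$acl->addResource('poll');

// everything is denied now

// let the guest view polls
$acl->allow('guest', 'poll', 'view');

// and also vote in polls
$acl->allow('guest', 'poll', 'vote');

// the registered inherits the permissions from guest, we will also let him comment
$acl->allow('registered', 'comment', 'add');

// the administrator can view and edit anything
$acl->allow('administrator', 'article');
$acl->allow('administrator', 'comment');
$acl->allow('administrator', 'poll');

// administrator cannot edit polls, that would be undemocratic.
// (a later deny overrides the blanket allow above for this one operation)
$acl->deny('administrator', 'poll', 'edit');

// can guest view articles?
$acl->isAllowed('guest', 'article', 'view'); // true

// can guest edit an article?
$acl->isAllowed('guest', 'article', 'edit'); // false

// can guest vote in polls?
$acl->isAllowed('guest', 'poll', 'vote'); // true

// may guest add comments?
$acl->isAllowed('guest', 'comment', 'add'); // false

$acl->isAllowed('registered', 'article', 'view'); // true
$acl->isAllowed('registered', 'comment', 'add'); // true
$acl->isAllowed('registered', 'comment', 'edit'); // false

$acl->isAllowed('administrator', 'poll', 'vote'); // true
$acl->isAllowed('administrator', 'poll', 'edit'); // false
$acl->isAllowed('administrator', 'comment', 'edit'); // true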